Does Breeze Cache have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Breeze Cache compatible with WordPress 6.9.4?

According to WordPress.org data, Breeze Cache 2.4.4 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Breeze Cache compatible with PHP 7.4+?

Breeze Cache requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Breeze Cache updated?

Breeze Cache was last updated on Apr 8, 2026. Frequent updates are generally a positive security signal.

What is Breeze Cache's security score?

Breeze Cache has a WP-Safety security score of 89/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Breeze Cache Security & Risk Analysis

wordpress.org/plugins/breeze

Breeze is a caching plugin developed by Cloudways. Breeze uses advance caching systems to improve site loading times exponentially.

400K active installs v2.4.4 PHP 7.4+ WP 6.0+ Updated Apr 8, 2026

cachecachingcdnperformancewp-cache

A · Safe

CVEs total9

Unpatched0

Last CVEApr 22, 2026

Download

Safety Verdict

Is Breeze Cache Safe to Use in 2026?

Generally Safe

Score 89/100

Breeze Cache has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

9 known CVEsLast CVE: Apr 22, 2026Updated 1mo ago

Risk Assessment

The plugin 'breeze' v2.4.2 exhibits a mixed security posture. On one hand, it demonstrates good practices in several areas, including a high percentage of SQL queries using prepared statements and properly escaped output. The absence of critical or high-severity taint flows, and a lack of unpatched CVEs, are also positive indicators. However, the plugin presents significant concerns due to its attack surface. A substantial number of AJAX handlers (15 out of 32) lack authentication checks, creating a direct pathway for unauthorized actions. The presence of the `unserialize` function without evident sanitization is a potential risk, especially if the data being unserialized originates from user input. The plugin's vulnerability history, with 8 medium-severity CVEs primarily related to Missing Authorization, Improper Neutralization of Input, and CSRF, suggests a pattern of past security weaknesses that, while currently patched, highlight areas that require ongoing vigilance. The existence of 15 unprotected entry points and a known history of authorization and input validation issues warrants caution, despite the current lack of actively exploited or critical vulnerabilities.

Key Concerns

AJAX handlers without auth checks
Dangerous function 'unserialize' found
8 medium CVEs in vulnerability history

Vulnerabilities

9 published

Breeze Cache Security Vulnerabilities

CVEs by Year

2 CVEs in 2022

2022

3 CVEs in 2024

2024

1 CVE in 2025

2025

3 CVEs in 2026

2026

Patched Has unpatched

Severity Breakdown

Critical

Medium

9 total CVEs

CVE-2026-3844critical · 9.8Unrestricted Upload of File with Dangerous Type

Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote

Apr 22, 2026 Patched in 2.4.5 (1d)

CVE-2025-13864medium · 5.3Missing Authorization

Breeze – WordPress Cache Plugin <= 2.2.21 - Missing Authorization to Cache Deletion

Feb 18, 2026 Patched in 2.2.22 (1d)

CVE-2025-69364medium · 5.3Missing Authorization

Breeze <= 2.2.21 - Missing Authorization

Jan 13, 2026 Patched in 2.2.22 (7d)

CVE-2025-23999medium · 4.3Missing Authorization

Breeze <= 2.2.13 - Missing Authorization

Jun 18, 2025 Patched in 2.2.14 (8d)

CVE-2024-50431medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Breeze <= 2.1.14 - Authenticated (Administrator+) Stored Cross-Site Scripting

Oct 24, 2024 Patched in 2.1.15 (7d)

CVE-2024-50422medium · 5.3Missing Authorization

Breeze <= 2.1.14 - Missing Authorization

Oct 24, 2024 Patched in 2.1.15 (7d)

CVE-2024-27188medium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Breeze <= 2.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via breeze_api_token

Mar 25, 2024 Patched in 2.1.4 (4d)

WF-80192348-dcf4-4bab-80d1-ae7a4d194270-breezemedium · 4.3Cross-Site Request Forgery (CSRF)

Breeze <= 2.0.8 - Cross-Site Request Forgery via import_json_settings

Sep 19, 2022 Patched in 2.0.9 (491d)

CVE-2022-29444medium · 6.5Missing Authorization

Breeze – WordPress Cache Plugin <= 2.0.2 - Unprotected AJAX Actions

May 2, 2022 Patched in 2.0.3 (630d)

Version History

Breeze Cache Release Timeline

v2.4.4Current1 CVE

CVE-2026-3844

v2.4.31 CVE

CVE-2026-3844

v2.4.21 CVE4 files changed

CVE-2026-3844

v2.4.11 CVE3 files changed

CVE-2026-3844

v2.4.01 CVE30 files changed

CVE-2026-3844

v2.3.11 CVE4 files changed

CVE-2026-3844

v2.3.01 CVE21 files changed

CVE-2026-3844

v2.2.241 CVE40 files changed

CVE-2026-3844

v2.2.231 CVE10 files changed

CVE-2026-3844

v2.2.221 CVE10 files changed

CVE-2026-3844

v2.2.213 CVEs8 files changed

CVE-2025-69364 CVE-2025-13864 CVE-2026-3844

v2.2.203 CVEs30 files changed

CVE-2025-69364 CVE-2025-13864 CVE-2026-3844

v2.2.193 CVEs21 files changed

CVE-2025-69364 CVE-2025-13864 CVE-2026-3844

v2.2.183 CVEs12 files changed

CVE-2025-69364 CVE-2025-13864 CVE-2026-3844

v2.2.173 CVEs6 files changed

CVE-2025-69364 CVE-2025-13864 CVE-2026-3844

v2.2.163 CVEs4 files changed

CVE-2025-69364 CVE-2025-13864 CVE-2026-3844

v2.2.153 CVEs4 files changed

CVE-2025-69364 CVE-2025-13864 CVE-2026-3844

v2.2.143 CVEs3 files changed

CVE-2025-69364 CVE-2025-13864 CVE-2026-3844

v2.2.134 CVEs3 files changed

CVE-2025-69364 CVE-2025-23999 CVE-2025-13864 +1 more

v2.2.124 CVEs315 files changed

CVE-2025-69364 CVE-2025-23999 CVE-2025-13864 +1 more

Code Analysis

Analyzed Mar 16, 2026

Breeze Cache Code Analysis

Dangerous Functions

Raw SQL Queries

73 prepared

Unescaped Output

394 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$datas = unserialize( $cacheFile );inc\cache\execute-cache.php:617

SQL Query Safety

87% prepared84 total queries

Output Escaping

96% escaped411 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

7 flows

update_options_for_inherit (inc\breeze-configuration.php:572)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

15 unprotected

Breeze Cache Attack Surface

Entry Points33

Unprotected15

AJAX Handlers 32

authwp_ajax_breeze_purge_varnishinc\breeze-admin.php:665

authwp_ajax_breeze_purge_fileinc\breeze-admin.php:672

authwp_ajax_breeze_purge_databaseinc\breeze-admin.php:673

authwp_ajax_breeze_purge_opcacheinc\breeze-admin.php:674

authwp_ajax_breeze_reset_defaultinc\breeze-admin.php:675

authwp_ajax_breeze_check_cdn_urlinc\breeze-admin.php:676

authwp_ajax_breeze_apply_optimizationinc\breeze-admin.php:679

authwp_ajax_breeze_check_compatibilityinc\breeze-admin.php:680

authwp_ajax_breeze_restore_settingsinc\breeze-admin.php:681

authwp_ajax_breeze_hide_optimization_noticeinc\breeze-admin.php:682

authwp_ajax_save_settings_tab_basicinc\breeze-configuration.php:29

authwp_ajax_save_settings_tab_fileinc\breeze-configuration.php:30

authwp_ajax_save_settings_tab_preloadinc\breeze-configuration.php:31

authwp_ajax_save_settings_tab_advancedinc\breeze-configuration.php:32

authwp_ajax_save_settings_tab_heartbeatinc\breeze-configuration.php:33

authwp_ajax_save_settings_tab_databaseinc\breeze-configuration.php:34

authwp_ajax_save_settings_tab_cdninc\breeze-configuration.php:35

authwp_ajax_save_settings_tab_toolsinc\breeze-configuration.php:36

authwp_ajax_save_settings_tab_faqinc\breeze-configuration.php:37

authwp_ajax_save_settings_tab_varnishinc\breeze-configuration.php:38

authwp_ajax_save_settings_tab_inheritinc\breeze-configuration.php:39

authwp_ajax_refresh_api_token_keyinc\breeze-configuration.php:41

authwp_ajax_store_update_countinc\class-breeze-bulk-update.php:16

authwp_ajax_breeze_file_permission_checkinc\class-breeze-file-permissions.php:28

authwp_ajax_breeze_dismiss_cache_noticeinc\class-breeze-file-permissions.php:31

authwp_ajax_shortpixel_ai_handle_page_actioninc\compatibility\class-breeze-shortpixel-compatibility.php:13

authwp_ajax_compatibility_warning_closeinc\plugin-incompatibility\class-breeze-incompatibility-plugins.php:43

noprivwp_ajax_breeze_woocs_currency_getinc\plugin-incompatibility\class-breeze-woocs-compatibility.php:15

authwp_ajax_breeze_woocs_currency_getinc\plugin-incompatibility\class-breeze-woocs-compatibility.php:16

authwp_ajax_breeze_export_jsoninc\wp-cli\class-breeze-settings-import-export.php:15

authwp_ajax_breeze_import_jsoninc\wp-cli\class-breeze-settings-import-export.php:16

authwp_ajax_breeze_load_options_tabviews\option-tabs-loader.php:11

REST API Routes 1

POST/wp-json/breeze/v1/clear-all-cacheinc\class-breeze-api.php:30

WordPress Hooks 115

actioninitbreeze.php:138

actioninitbreeze.php:175

actioninitbreeze.php:249

actioninitbreeze.php:260

actionbreeze_reset_defaultbreeze.php:276

actioninitinc\breeze-admin.php:30

actionwp_enqueue_scriptsinc\breeze-admin.php:38

actionbreeze_clear_all_cacheinc\breeze-admin.php:41

actionbreeze_clear_varnishinc\breeze-admin.php:42

actiontransition_post_statusinc\breeze-admin.php:45

actionwoocommerce_after_product_object_saveinc\breeze-admin.php:49

actionadmin_initinc\breeze-admin.php:53

actionadmin_menuinc\breeze-admin.php:56

actionnetwork_admin_menuinc\breeze-admin.php:57

actionadmin_noticesinc\breeze-admin.php:65

actionadmin_bar_menuinc\breeze-admin.php:72

actionadmin_enqueue_scriptsinc\breeze-admin.php:75

actionwp_headinc\breeze-admin.php:77

actionwpmu_new_bloginc\breeze-admin.php:89

actionadmin_initinc\breeze-admin.php:92

actionwp_logininc\breeze-admin.php:109

actionwp_footerinc\breeze-admin.php:290

actionadmin_noticesinc\breeze-admin.php:313

actioninitinc\breeze-admin.php:1334

filterpost_row_actionsinc\cache\class-purge-post-cache.php:19

filterpage_row_actionsinc\cache\class-purge-post-cache.php:20

actionpost_action_clear-breeze-cacheinc\cache\class-purge-post-cache.php:21

actionadmin_noticesinc\cache\class-purge-post-cache.php:22

filterremovable_query_argsinc\cache\class-purge-post-cache.php:23

actionactivated_plugininc\cache\ecommerce-cache.php:9

actiondeactivated_plugininc\cache\ecommerce-cache.php:10

actionwp_loadedinc\cache\ecommerce-cache.php:11

actionpre_post_updateinc\cache\purge-cache.php:37

actionsave_postinc\cache\purge-cache.php:38

actionsave_postinc\cache\purge-cache.php:39

actionedited_terminc\cache\purge-cache.php:41

actionwp_trash_postinc\cache\purge-cache.php:42

actionwp_trash_postinc\cache\purge-cache.php:43

actioncomment_postinc\cache\purge-cache.php:44

actionwp_set_comment_statusinc\cache\purge-cache.php:45

actionspammed_commentinc\cache\purge-cache.php:46

actiontrashed_commentinc\cache\purge-cache.php:47

actionedit_commentinc\cache\purge-cache.php:48

actionset_comment_cookiesinc\cache\purge-cache.php:49

actionswitch_themeinc\cache\purge-cache.php:51

actioncustomize_save_afterinc\cache\purge-cache.php:52

actionpurge_post_cacheinc\cache\purge-cache.php:53

actionbreeze_purge_cacheinc\cache\purge-per-time.php:43

actioninitinc\cache\purge-per-time.php:44

filtercron_schedulesinc\cache\purge-per-time.php:45

actioninitinc\cache\purge-varnish.php:49

actioncomment_postinc\cache\purge-varnish.php:70

actionwp_set_comment_statusinc\cache\purge-varnish.php:71

actionshutdowninc\cache\purge-varnish.php:74

actiontemplate_redirectinc\cdn-integration\breeze-cdn-integration.php:26

filterbreeze_cdn_content_returninc\cdn-integration\breeze-cdn-integration.php:56

actionrest_api_initinc\class-breeze-api.php:19

actionupgrader_process_completeinc\class-breeze-bulk-update.php:13

actionactivate_plugininc\class-breeze-bulk-update.php:14

actiondeactivate_plugininc\class-breeze-bulk-update.php:15

actionadmin_footerinc\class-breeze-bulk-update.php:17

actionbreeze_clear_remote_gravatarinc\class-breeze-cache-cronjobs.php:28

filterget_avatarinc\class-breeze-cache-cronjobs.php:29

actionswitch_themeinc\class-breeze-cloudflare-helper.php:20

actionbreeze_scheduled_purgeinc\class-breeze-cloudflare-helper.php:21

actioninitinc\class-breeze-disable-emoji-option.php:25

filteremoji_svg_urlinc\class-breeze-disable-emoji-option.php:68

filtertiny_mce_pluginsinc\class-breeze-disable-emoji-option.php:73

filterwp_resource_hintsinc\class-breeze-disable-emoji-option.php:75

filtersmiliesinc\class-breeze-disable-emoji-option.php:76

filterwp_resource_hintsinc\class-breeze-dns-prefetch.php:11

actionadmin_noticesinc\class-breeze-file-permissions.php:21

actionnetwork_admin_noticesinc\class-breeze-file-permissions.php:22

actionadmin_noticesinc\class-breeze-file-permissions.php:25

actionnetwork_admin_noticesinc\class-breeze-file-permissions.php:26

actionadmin_initinc\class-breeze-file-permissions.php:379

actionadmin_enqueue_scriptsinc\class-breeze-heartbeat-settings.php:55

actionwp_enqueue_scriptsinc\class-breeze-heartbeat-settings.php:57

filterheartbeat_settingsinc\class-breeze-heartbeat-settings.php:59

actionenqueue_block_editor_assetsinc\class-breeze-heartbeat-settings.php:61

actionwp_enqueue_scriptsinc\class-breeze-prefetch.php:19

actionwp_headinc\class-breeze-preload-fonts.php:19

actionwoocommerce_checkout_order_processedinc\class-breeze-woocommerce-product-cache.php:18

actionwoocommerce_order_status_changedinc\class-breeze-woocommerce-product-cache.php:20

actioninitinc\class-breeze-woocommerce-product-cache.php:177

actionsave_postinc\class-exclude-pages-by-shortcode.php:17

actionfusion_cache_reset_afterinc\compatibility\class-breeze-avada-cache.php:14

actionelementor/editor/after_saveinc\compatibility\class-breeze-elementor-template.php:15

actionelementor/core/files/clear_cacheinc\compatibility\class-breeze-elementor-template.php:17

actionplugins_loadedinc\compatibility\class-breeze-elementor-template.php:75

actioninitinc\compatibility\class-breeze-shortpixel-compatibility.php:15

actionbreeze_pixel_cache_eventinc\compatibility\class-breeze-shortpixel-compatibility.php:17

actiontec_common_settings_manager_post_set_optionsinc\compatibility\class-breeze-the-events-calendar.php:15

actionset_auth_cookieinc\functions.php:213

actionclear_auth_cookieinc\functions.php:238

actioninitinc\functions.php:249

filterbreeze_js_ignore_minifyinc\helpers.php:725

actioninitinc\minification\breeze-minify-main.php:63

actionwp_loadedinc\minification\breeze-minify-main.php:65

filterbreeze_minify_content_returninc\minification\breeze-minify-main.php:159

filterbreeze_filter_html_noptimizeinc\plugin-incompatibility\breeze-amp-compatibility.php:13

filterbreeze_filter_js_noptimizeinc\plugin-incompatibility\breeze-amp-compatibility.php:16

filterbreeze_filter_css_noptimizeinc\plugin-incompatibility\breeze-amp-compatibility.php:19

filterbreeze_use_native_lazy_loadinc\plugin-incompatibility\breeze-amp-compatibility.php:22

actionwpinc\plugin-incompatibility\breeze-amp-compatibility.php:27

actionadmin_noticesinc\plugin-incompatibility\class-breeze-incompatibility-plugins.php:40

actionnetwork_admin_noticesinc\plugin-incompatibility\class-breeze-incompatibility-plugins.php:41

actionwp_footerinc\plugin-incompatibility\class-breeze-woocs-compatibility.php:19

filterupgrader_pre_installinc\rollback\class-breeze-plugin-updater.php:59

filterupgrader_pre_installinc\rollback\class-breeze-plugin-updater.php:60

filterupgrader_clear_destinationinc\rollback\class-breeze-plugin-updater.php:61

filterupgrader_post_installinc\rollback\class-breeze-plugin-updater.php:62

actionadmin_menuinc\rollback\class-breeze-rollback.php:40

actionnetwork_admin_menuinc\rollback\class-breeze-rollback.php:42

actionwp_loadedinc\upgrade.php:26

Scheduled Events 5

breeze_purge_cache

breeze_clear_remote_gravatar

breeze_scheduled_purge

breeze_pixel_cache_event

Maintenance & Trust

Breeze Cache Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedApr 8, 2026

PHP min version7.4

Downloads14.1M

Community Trust

Rating70/100

Number of ratings124

Active installs400K

Alternatives

Breeze Cache Alternatives

WP Super Cache

wp-super-cache

A very fast caching engine for WordPress that produces static html files.

1.0M 12 CVEs

DB Cache Reloaded Fix

db-cache-reloaded-fix

The fastest cache engine for WordPress, that produces cache of database queries with easy configuration. Compatible with WordPress 3.4

2K No CVEs

Serve Static – Automatic WordPress Static Page generator

serve_static

Serve Static is a static HTML page generator WordPress plugin to create and serve static copies of your existing web pages to avoid PHP/DB load.

100 No CVEs

WP Nav Menu Cache

wp-nav-menu-cache

Create cache for dynamically generated navigation menu HTML and serve from a static file. It reduces some MySQL queries and increases page speed.

80 No CVEs

WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance

wp-optimize

Get caching and more with this powerful cache plugin. Cache, optimize images, clean your database and minify for maximum performance.

1.0M 5 CVEs

Developer Profile

Breeze Cache Developer Profile

Cloudways

3 plugins · 424K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

128 days

View full developer profile

Detection Fingerprints

How We Detect Breeze Cache

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/breeze/css/admin.css/wp-content/plugins/breeze/css/frontend.css/wp-content/plugins/breeze/css/minification.css/wp-content/plugins/breeze/css/style.css/wp-content/plugins/breeze/js/admin.js/wp-content/plugins/breeze/js/frontend.js/wp-content/plugins/breeze/js/minification.js/wp-content/plugins/breeze/js/recovery.js+1 more

Script Paths

/wp-content/plugins/breeze/js/admin.js/wp-content/plugins/breeze/js/frontend.js/wp-content/plugins/breeze/js/minification.js/wp-content/plugins/breeze/js/recovery.js/wp-content/plugins/breeze/js/settings.js

Version Parameters

breeze/css/admin.css?ver=breeze/css/frontend.css?ver=breeze/css/minification.css?ver=breeze/css/style.css?ver=breeze/js/admin.js?ver=breeze/js/frontend.js?ver=breeze/js/minification.js?ver=breeze/js/recovery.js?ver=breeze/js/settings.js?ver=

HTML / DOM Fingerprints

CSS Classes

breeze-options-pagebreeze-noticebreeze-admin-noticebreeze-settings-sectionbreeze-input-groupbreeze-togglebreeze-ajax-noncebreeze-cache-clear+2 more

HTML Comments

+1 more

Data Attributes

data-breeze-noncedata-breeze-actiondata-breeze-settings

JS Globals

BreezeAdminBreezeFrontendBreezeMinificationbreeze_ajax_object

REST Endpoints

/wp-json/breeze/v1/clear-cache/wp-json/breeze/v1/get-settings/wp-json/breeze/v1/save-settings

Shortcode Output

[breeze_cache_status][breeze_minify_css][breeze_minify_js]

FAQ

Breeze Cache Security & Risk Analysis

Is Breeze Cache Safe to Use in 2026?

Generally Safe

Key Concerns

Breeze Cache Security Vulnerabilities

CVEs by Year

Severity Breakdown

Breeze Cache Release Timeline

Breeze Cache Code Analysis

Dangerous Functions Found

SQL Query Safety

Output Escaping

Data Flow Analysis

Breeze Cache Attack Surface

AJAX Handlers 32

REST API Routes 1

Scheduled Events 5

Breeze Cache Maintenance & Trust

Maintenance Signals

Community Trust

Breeze Cache Alternatives

WP Super Cache

DB Cache Reloaded Fix

Serve Static – Automatic WordPress Static Page generator

WP Nav Menu Cache

WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance

Breeze Cache Developer Profile

How We Detect Breeze Cache

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Breeze Cache